I have the same problem. Today i try to add app for air bundles to sandbox but always prompt Quarantine resolution refused. However when i remove sandbox everything is all right(Before we had submitted to Mac App Store, id is 530075950). I searches to search, discover the problem goes to go up in open directory eventually that using function for openWithDefaultApplication of file class.

Thanks for your reply, but we are speaking about packaging for Desktop. Now the apple require the sandboxing in your app, and we don't know how to. We can't upload our APP on Mac App Store cause the sandbox is not enabled. How can we enable it? (sorry my English)

2 - You now need to add 2 icons in the generated YourApp.app/Contents/Resources/Icons.icns file : 512x512 and 1024x1024 (yeah, that's huge, it's for retina display). I did this on Windows using a trial version of IcoFx, I don't know on Mac but a little googling should do the trick in no time. Note that you MUST do this before signing the app.

3- Create an entitlements.plist file that defines sandboxing as enabled

4- When you codesign your application, define entitlements with previously created file. This will NOT overwritte the Info.plist file found in YouApp.app/Contests. Also note that paths can be relative.

NOTE : I don't know if you need to enable sandboxing for each of the Adobe bundles you have to sign with your developer certificate. In the end, I didn't do it, we'll see what Apple will decide.

5 - Confirm that sandboxing is enabled by running the following command. Don't forget the lonely ' - ', it specifies standard output as display output. You should see the path of the executable followed by the content of your entitlements.plist file. If not, you did something wrong and you should check out step 1,2 or 3 again.

In fact all you have to do is replace step 3 ("Codesign inner Adobe bundles with your developer certificate") from the Pigsel guide and replace it with steps 1 to 5 from my post. My step 6 is referring to the "Creating an installation package" part of the guide, I've just copy/pasted the command and warned that INSTALLATION_PAH must be set to /Applications now or else the app will be refused on upload to Apple.

I have bought the Apple developer program, generate and download my certificates, follow all the steps and when I try to codesign my app file, I get the following error: object file format unrecognized, invalid, or unsuitable

Note: My app was created with Flex and the app file was created with AIR 3.3 capitva runtime thru Flash Builder 4.6.

You need the application to be in a ".app" format, not .air or .dmg . You can't do this through Fash Builder and must run the adt command manually on your compiled myApp.swf and myApp-app.xml (and all other required assets) using the "-target bundle" switch. this will create a .app file. You can refer to Packaging a captive runtime bundle for desktop computers for more informations.

Well, the current release of Flash Builder 4.6, can build one app file with the captiva runtime and I tought that something was wrong, so go thru the command line adt process and after sucessfull build I get the same error.

The next step was to try to re-sign another app that I previous have installed in my system (a copy of one app file from the Mac App Store) just for in case something external to the AIR/Flex environment and I get the same error !!!

So, I go thru the XCode -> Preference -> Downloads -> Install Command Line Tools (this will update my previous version of the command line tool codesign) and voilá. I can now create one app file directly from the Flash Builder 4.6 and simple code sign the file from the command line tool. After all the problem was with one old command line tool installed in my system

What I waste of time but also experience gain (I'm a Mac user only from 3 month).

Well, I go now for all the process, publish in the markeplace and see if my app will also been approved.

Well, after 15 days my app finally enter in review process so at least it should be fine in all this process but unfortunally it was my first rejected app because of 2 simple reasons:

1. I have one mobile menu item that knows to the user my mobile version (iOS and Android) and Apple dont allow that;

2. My app starts with a very simple "1.0 like" interface that user can expand with a menu item called "install apps" that is no more than activate/visible modules already available but the term "install" generate a big confusion because Apple dont allow install/download external apps.

I remove the advartising menu item of the mobile edition and change the "install apps" title to "activate apps".

Lets see and many days thei took the app again and if this time they approve

It works great in development environment but failled because I use remote procedure call (for a sync feature with a backend).

The entitlements.plist as mention above it's the mininum requirement for the app is proper sandboxed but then we have to enter new keys when using the system resources. In my case I only have to add the key security.network so the Apple stuff can check this key and decide if will be approved to use this resources or not the app and without the key the sandbox simple block the use of this resource.